Add Azure App Service to new VNet Integration preview - azure

We want to connect an Azure App Service with our On Premise Network via the new VNet Integration (preview), which doesn't need any Point-to-Site Tunnel anymore.
We already achieved our goal via Azure Portal and now want to implement this in our DevOps Pipelines via ARM Template Deploy or Powershell.
ARM Template Deploy:
We generated the ARM Template from an exisiting App Service with new VNet Integration. Redeploy this Template doesn't add the new VNet Integration, but the old one (very strange):
{
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"apiVersion": "2016-08-01",
"name": "[concat(parameters('sites_name'), parameters('subnet_name'))]",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('sites_name'))]"
],
"properties": {
"vnetResourceId": "[concat(parameters('virtualNetworks_externalid'), '/subnets/XXXXXXX')]",
"certThumbprint": null,
"certBlob": null,
"routes": null,
"resyncRequired": false,
"dnsServers": null,
"isSwift": true
}
}
Powershell Deploy:
Trying this code will add the old VNet Integration as well:
$propertiesObject = #{
"vnetResourceId" = "/subscriptions/$($subscriptionId)/resourceGroups/$($vnet.ResourceGroupName)/providers/Microsoft.Network/virtualNetworks/$($vnet.Name)/subnets/$($subnetNameToAdd)"
}
$virtualNetwork = New-AzureRmResource -Location $location -Properties $PropertiesObject -ResourceName "$($webAppName)/$($vnet.Name)" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections" -ApiVersion 2016-08-01 -ResourceGroupName $resourceGroupName -Force
Is this another new feature from Microsoft which is just half implemented and semi available?
(yeah, its in preview, but since several month...)

this is how I got it to work:
{
"name": "vnet_name/subnet_name",
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2018-08-01",
"location": "[resourceGroup().location]",
"properties": {
"addressPrefix": "10.0.1.0/24",
"delegations": [
{
"name": "delegation",
"properties": {
"servicename": "Microsoft.Web/serverfarms"
}
}
]
}
},
{
"name": "webappname/virtualNetwork",
"properties": {
"subnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'vnet_name', 'subnet_name')]",
"swiftSupported": true
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', 'vnet_name', 'subnet_name')]"
],
"type": "Microsoft.Web/sites/config",
"location": "[resourceGroup().location]",
"apiVersion": "2018-02-01"
}

Related

Azure Functions consumption plan naming

I've created a new Function App in Azure. I picked a consumption plan for the App Service Plan.
Once the app is created I now have a new App Service Plan called "WestEuropePlan" In my resource group.
Next thing. IT department says "WestEuropePlan" is not the correct naming convention for App Service Plans.
What are my options. When creating the Function App Im not allowed to pick or name an existing plan when using consumption based plans.
I cannot rename my autogenerated plan.
I cannot manually create a consumption based plan previous to creating the Function App.
What do i do? Is my only option to not use Consumption based plans and instead create a normal app service plan that I can name myself?
Is there something I can do from azure CLI or using ARM templates?
Above answers will help if you are doing using Azure CLI, if you want to do via Portal itself, you can do as follows,
On the Azure function Review + create step, there is an option to Download the template for automation and you can click on it. Then the Template will be displayed for downloading.
Now click on Deploy
Now you can easily change the Hosting Plan Name, agree to T&Cs and click on Purchase.
More Information: http://jaliyaudagedara.blogspot.com/2020/08/azure-functions-consumption-plan-custom.html
You can create a Azure Function on Consumption plan with your choice of name for consumption plan using ARM Template. Below is the sample template and parameter file:
Templatefile.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"type": "string",
"metadata": {
"description": "The name of the function app that you wish to create."
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": ["Standard_LRS", "Standard_GRS", "Standard_RAGRS"],
"metadata": {
"description": "Storage Account type"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"runtime": {
"type": "string",
"defaultValue": "node",
"allowedValues": ["node", "dotnet", "java"],
"metadata": {
"description": "The language worker runtime to load in the function app."
}
}
},
"variables": {
"functionAppName": "[parameters('appName')]",
"hostingPlanName": "[parameters('appName')]",
"applicationInsightsName": "[parameters('appName')]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'azfunctions')]",
"storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"functionWorkerRuntime": "[parameters('runtime')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-12-01",
"location": "[parameters('location')]",
"kind": "Storage",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2015-04-01",
"name": "[variables('hostingPlanName')]",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('hostingPlanName')]",
"computeMode": "Dynamic",
"sku": "Dynamic"
}
},
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('functionAppName')]",
"location": "[parameters('location')]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(variables('functionAppName'))]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "8.11.1"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('microsoft.insights/components/', variables('applicationInsightsName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "[variables('functionWorkerRuntime')]"
}
]
}
}
},
{
"apiVersion": "2018-05-01-preview",
"name": "[variables('applicationInsightsName')]",
"type": "microsoft.insights/components",
"location": "East US",
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', variables('applicationInsightsName'))]": "Resource"
},
"properties": {
"ApplicationId": "[variables('applicationInsightsName')]",
"Request_Source": "IbizaWebAppExtensionCreate"
}
}
]
}
Reference: https://github.com/Azure/azure-quickstart-templates/tree/master/101-function-app-create-dynamic
You can create from this ARM Template. No app insights and it'll ask appName, hostingPlanName, storageAccountName, storageAccountType, location and runtime
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"type": "string",
"metadata": {
"description": "The name of the function app that you wish to create."
}
},
"hostingPlanName": {
"type": "string",
"metadata": {
"description": "The name of the consumption plan that you wish to create."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The name of the storage account name that you wish to create."
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"runtime": {
"type": "string",
"defaultValue": "node",
"allowedValues": [
"node",
"dotnet",
"java"
],
"metadata": {
"description": "The language worker runtime to load in the function app."
}
}
},
"variables": {
"functionAppName": "[parameters('appName')]",
"hostingPlanName": "[parameters('hostingPlanName')]",
"storageAccountName": "[parameters('storageAccountName')]",
"storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"functionWorkerRuntime": "[parameters('runtime')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-12-01",
"location": "[parameters('location')]",
"kind": "Storage",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"name": "[variables('hostingPlanName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Y1",
"tier": "Dynamic"
},
"properties": {
"name": "[variables('hostingPlanName')]",
"computeMode": "Dynamic"
}
},
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('functionAppName')]",
"location": "[parameters('location')]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(variables('functionAppName'))]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "8.11.1"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "[variables('functionWorkerRuntime')]"
}
]
}
}
}
]
}
I recommend you to use Az PowerShell or AzureCLI to perform the naming of your Function App Consumption Plan, it's easier to maintain than ARM Template.
The trick is that you need to create a B1 plan first (so with your custom name) then change some settings on your FunctionApp to fit the ConsumptionPlan restriction (i.e.: AlwaysOn=$false), then you can update/change your App Service Plan B1 to a Consumption Plan (called Y1)
Please find my script in PowerShell to create a Linux Consumption Plan :
(For Windows plan, you can remove "kind" and "properties.reserved=true" in the variable $fullObject, replace "linux" by "windows" on the variable $os_type and remove $my_runtimeVersion variable and change $my_runtime variable from "python" to "dotnet" (or remove it as by default it's dotnet))
# Function App configuration object - Need to be a Basic Tier first as you cannot directly create a consumption plan
$fullObject = #{
location = "West Europe"
sku = #{
name = "B1"
tier = "Basic"
}
kind = "linux"
properties = #{
reserved = $true
}
}
$resourceGroupName = "rg-my-test"
$serverFarmName = "aspl-my-test"
$storageName = "stg-my-test"
$functionAppName = "fa-my-test"
$my_runtime = "python"
$my_runtimeVersion = "3.8"
$os_type = "linux"
Write-Host "Step 1: CREATING APP SERVICE PLAN B1:Basic named [$serverFarmName]"
# Create a server farm which will host the function app in the resource group specified
New-AzResource -ResourceGroupName $resourceGroupName -ResourceType "Microsoft.Web/serverfarms" -Name $serverFarmName -IsFullObject -PropertyObject $fullObject -Force
Write-Host "Step 1: Done"
Write-Host "Step 2: CREATING STORAGE ACCOUNT named [$storageName]"
# Create a storage account which will contain the Azure Function script
New-AzStorageAccount -ResourceGroupName $resourceGroupName -AccountName $storageName -Location westeurope -SkuName Standard_LRS
Write-Host "Step 2: Done"
Write-Host "Step 3: CREATING FUNCTION APP named [$functionAppName]"
# Create a function app in the server farm previously created
New-AzFunctionApp -ResourceGroupName $resourceGroupName -Name $functionAppName -PlanName $serverFarmName -StorageAccount $storageName -Runtime $my_runtime -FunctionsVersion 3 -OSType $os_type -RuntimeVersion $my_runtimeVersion -DisableApplicationInsights
Write-Host "Step 3: Done"
Write-Host "Step 4a: GET FUNCTION APP as an PSObject"
$funcApp = Get-AzResource -ResourceType 'microsoft.web/sites' -ResourceGroupName $resourceGroupName -ResourceName $functionAppName
Write-Host "Step 4a: Done"
Write-Host "Step 4b: SET FUNCTION APP settings"
Write-Host " siteConfig:"
Write-Host " AlwaysOn: false"
Write-Host " FtpsState: Disabled"
Write-Host " MinTlsVersion: 1.2"
Write-Host " Http20Enabled: true"
Write-Host " HttpsOnly: true"
$fullObject = #{
siteConfig = #{
AlwaysOn = $false
FtpsState = "Disabled"
MinTlsVersion = "1.2"
Http20Enabled = $true
}
HttpsOnly = $true
}
$funcApp | Set-AzResource -PropertyObject $fullObject -Force
Write-Host "Step 4b: Done"
Write-Host "Step 5: Set App Service Plan to Dynamic Consumption Plan"
Set-AzAppServicePlan -Name $serverFarmName -ResourceGroupName $resourceGroupName -Tier Y1
Write-Host "Step 5: Done"
In Azure CLI, the command to switch the plan to Consumption Plan is:
az appservice plan update --name aspl-my-test --resource-group rg-my-test --set sku.name=Y1

Connect Azure Web App to vNet using ARM template

I am trying to script the setup of a bunch of resource in Azure, as part of this I need a web app to be able to communicate with a service running on a VM via the vNet.
I have created a template that seems to do everything it should to create the connection but for some reason the connection is not made. Looking in the portal shows that the site is connected to the vNet and that the certificates are in sync, but the point-to-site configuration on the vNet gateway shows no active connections.
However if I disconnect the web app from the vNet and then use the setup button in the Azure portal to reconnect to the same vNet everything works perfectly.
There must be something I'm missing in my template, but having spent the last few hours looking I cannot work out what
Here is my ARM template
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('nsgName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"securityRules": []
},
"resources": [ ],
"dependsOn": [ ]
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('infrastructureNsgName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"securityRules": []
},
"resources": [ ],
"dependsOn": [ ]
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('vnetName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "10.1.0.0/17",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"name": "infrastructure",
"properties": {
"addressPrefix": "10.1.254.0/24",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
}
}
},
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "10.1.128.0/24"
}
}
]
},
"resources": [ ],
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
]
},
{
"type": "Microsoft.Web/sites",
"kind": "api",
"name": "[variables('gatewaySiteName')]",
"apiVersion": "2015-08-01",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('gatewaySiteName')]",
"hostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]"
],
"enabledHostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
"[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]"
],
"hostNameSslStates": [
{
"name": "[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
"sslState": 0,
"thumbprint": null,
"ipBasedSslState": 0
},
{
"name": "[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]",
"sslState": 0,
"thumbprint": null,
"ipBasedSslState": 0
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]"
},
"resources": [],
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
]
},
{
"type": "Microsoft.Web/serverfarms",
"sku": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"kind": "",
"name": "[variables('gatewayServerFarmName')]",
"apiVersion": "2015-08-01",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('gatewayServerFarmName')]",
"numberOfWorkers": 1
},
"resources": [ ],
"dependsOn": [ ]
},
{
"name": "[variables('vnetGatewayIpName')]",
"type": "Microsoft.Network/publicIPAddresses",
"location": "[parameters('location')]",
"apiVersion": "2015-06-15",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"name": "[variables('vnetGatewayName')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",
"apiVersion": "2015-06-15",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('vnetGatewayIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('vnetName'),'GatewaySubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('vnetGatewayIpName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"172.16.201.0/24"
]
},
"vpnClientRootCertificates": [
{
"name": "AppServiceCertificate.cer",
"properties": {
"PublicCertData": "[reference(concat('Microsoft.Web/sites/', variables('gatewaySiteName'), '/virtualNetworkConnections/virtualNetworkConnections')).certBlob]"
}
}
]
}
}
},
{
"name": "[variables('gatewayVnetConnectionName')]",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"location": "[parameters('location')]",
"apiVersion": "2015-08-01",
"dependsOn": [
"[concat('Microsoft.Web/sites/', variables('gatewaySiteName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
],
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
}
}
]
}
I could never make that work just by the ARM template alone.
However if you can spend one more PowerShell command post-creation, it works beautifully:
# Set VNET Integration for Web App
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
$WebApp = "LearningMomentsInProduction"
$PropertiesObject = #{
vnetName = "JimAreYouSureThisIsTheStagingVNET";
}
Set-AzureRmResource -PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroup `
-ResourceType Microsoft.Web/sites/config `
-ResourceName $WebApp/web `
-ApiVersion 2015-08-01 -Force -Verbose |
Select -expand Properties |
Select VnetName
# Expected output:
#
# VnetName
# --------
# JimAreYouSureThisIsTheStagingVNET
#
# At this point your Web App is hooked up to the VNET
EDIT:
This does not do what i thought it does.
To resync Point-to-site certificates:
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
# VNET Name or Gateway name, try with gateway name!
$vnetName = "JimAreYouSureThisIsTheStagingVNET";
$PropertiesObject = #{
resyncRequired = "true"
}
Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroup `
-ResourceType Microsoft.Web/sites/virtualNetworkConnections `
-ResourceName $VnetName
-ApiVersion 2015-08-01 `
-Force -Verbose
A good way of finding the correct settings after you have configured it correct in the Azure Portal, is to take a look under the hood. This can be done by taking a look through https://resources.azure.com/ or the Resource Explorer in the Azure portal.
Here you will find the json in the state it is working and compare those to your ARM template. The settings can't be copied 1-on-1, but it comes close. Good luck with finding the difference.
You put it as a nested resource within the site:
(This assumes everything is under the same subscription and resource group, else, you will need to modify the parameters for resourceId())
"properties":[],
"resources": [
{
"name": "[concat(variables('webappSiteName'), '/', variables('webappSiteName'), '-vnetIntegration')]",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"apiVersion": "2018-02-01",
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', 'vnetname')]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('webappSiteName'))]"
]
}
]
At minimum, that what's required, however, the Microsoft.Web/sites/virtualNetworkConnections resource must have the client certificate data provided (which must be configured in the P2S connection in your vnet gateway), which is the property certBlob which according to the documentation it is:
A certificate file (.cer) blob containing the public key of the private key used to authenticate a Point-To-Site VPN connection.
Having that subnode worked for me, if you don't specify the certificate information, your web application(s) will show an error saying the certificates are not in sync.
Refer to the virtualNetworkConnections documentation online
Hope this helps.

How to create a new resource in Azure ARM templates?

Ok, I've done everything what described here with ARM template - https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet. Except one thing - Enabling VNET Integration with a pre-existing VNET.
Can this be done in ARM templates?
Thanks!
Here is a sample template that might help you. It's modified from this quickstart sample in GitHub
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the hosting plan to use in Azure."
}
},
"webSiteName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the Azure Web app to create."
}
},
"vnetName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of an existing Azure VNet which has a Gateway Subnet already, and is in the resource group you are going to deploy."
}
},
"skuName": {
"type": "string",
"defaultValue": "S1",
"allowedValues": [
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and instance size. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[parameters('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"properties": {
"name": "[parameters('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "config",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('webSiteName'))]"
],
"properties": {
"pythonVersion": "3.4"
}
},
{
"apiVersion": "2015-08-01",
"name": "[parameters('vnetName')]",
"type": "virtualNetworkConnections",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('webSiteName'))]"
],
"properties": {
"vnetResourceId": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'))]"
}
}
]
}
]
}
Here are 3 things you should be careful with.
The template starts with a python web app template, and adds a "Microsoft.Web/sites/virtualNetworkConnections" resource. So, if you are using other programing language, you can start with some other template.
The pre-existing VNet should be in the same resource group you are deploying. If the VNet you are using are not in the same resource group, you should modify the "vnetResourceId" in the "properties" of the "Microsoft.Web/sites/virtualNetworkConnections".
The VNet you are using should have a Gateway with a Point-to-Site address already. Otherwise, you will not be able integrate you web app to the VNet. For more details, see Configure a Point-to-Site connection to a virtual network using PowerShell
Update: About how I get this info, well, there is not much about this on the net. This template is constructed based on the PowerShell solution and my knowledge about ARM template. The PowerShell solution is available in this article. Another possible way to get an ARM template is to create those resources in one resource group, and export the template of the resource group in the portal. But, for this case, that is not going to work, because resource type "Microsoft.Web/sites/virtualNetworkConnections" is not supported yet. However, you can still get a look at the REST API by the PowerShell Command Get-AzureRmResource with option -debug.
Get-AzureRmResource -ResourceGroupName <resource group> -ResourceType Microsoft.Web/sites/virtualNetworkConnections -Name <web app>/<VNet> -debug -ApiVersion 2015-08-01
You will get the following REST API.
Uri:
https://management.azure.com/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Web/sites/<web app>/virtualNetworkConnections/<VNet>?api-version=2015-08-01
Body:
{
"id": "/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Web/sites/<web app>/virtualNetworkConnections/<VNet>",
"name": "<VNet>",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"location": "<Location>",
"tags": null,
"properties": {
"vnetResourceId": "/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Network/virtualNetworks/<VNet>"
"certThumbprint": "<Thumbprint>",
"certBlob": "<cert>",
"routes": null,
"resyncRequired": false,
"dnsServers": null
}
}
Skipping some automatically generated values, you will get the template which is quite similar to the one I write:
{
"name": "<VNet>",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"location": "<Location>",
"properties": {
"vnetResourceId": "/subscriptions/<subscription id>/resourceGroups/<resource group>/providers/Microsoft.Network/virtualNetworks/<VNet>"
}
}

Create VM from existing VHD: Preview portal

Does anyone now how to create a VM from an existing VHD in the new azure portal ?
I can find lots of info on how to do this in manage.windowsazure.com, but nothing on this functionality in portal.azure.com.
It can't be done literally in the portal. You will have to use powershell.
Create a storageaccount. For example in the portal.
Upload the VHD to azure. To do this, run the following line in powershell after logging in with Login-AzureRmAccount (change the parameters between <> and the path to the vhd on your harddisk):
Add-AzurermVhd -Destination "https://<StorageAccountName>.blob.core.windows.net/<containerName>/<vhdname>.vhd" -LocalFilePath "D:\Virtual Machines\myharddisk.vhd" -ResourceGroupName "<ResourceGroupName" -Overwrite
Create an ARM template.
Multiple possiblities what you can do.
For example choose a template from the Azure Quickstart templates, for example 101
What I have done is:
Created a new project in Visual Studio 2015.
Choose the following project: Cloud->Azure Resource Group
Choose the following template: Windows Virtual Machine
Changed some parameters and removed all stuff that is not necessary.
What it does now is: Create a Windows Virtual Machine using the uploaded vhd as harddisk.
It's using a parameters json file now, and also some variables have to be set in the WindowsVirtualMachine.json
This could be refactored ofcourse. but for now it will do what's needed.
For this sample you have to have the following directory structure (just like Visual Studio creates it)
ProjectDirectory/Scripts/Deploy-AzureResourceGroup.ps1
ProjectDirectory/Templates/WindowsVirtualMachine.json
ProjectDirectory/Templates/WindowsVirtualMachine.parameters.json
Deploy-AzureResourceGroup.ps1
#Requires -Version 3.0
#Requires -Module AzureRM.Resources
#Requires -Module Azure.Storage
Param(
[string] [Parameter(Mandatory=$true)] $ResourceGroupLocation,
[string] $ResourceGroupName = 'CreateImage',
[string] $TemplateFile = '..\Templates\WindowsVirtualMachine.json',
[string] $TemplateParametersFile = '..\Templates\WindowsVirtualMachine.parameters.json'
)
Import-Module Azure -ErrorAction SilentlyContinue
try {
[Microsoft.Azure.Common.Authentication.AzureSession]::ClientFactory.AddUserAgent("VSAzureTools-$UI$($host.name)".replace(" ","_"), "2.8")
} catch { }
Set-StrictMode -Version 3
$OptionalParameters = New-Object -TypeName Hashtable
$TemplateFile = [System.IO.Path]::Combine($PSScriptRoot, $TemplateFile)
$TemplateParametersFile = [System.IO.Path]::Combine($PSScriptRoot, $TemplateParametersFile)
# Create or update the resource group using the specified template file and template parameters file
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force -ErrorAction Stop
New-AzureRmResourceGroupDeployment -Name ((Get-ChildItem $TemplateFile).BaseName + '-' + ((Get-Date).ToUniversalTime()).ToString('MMdd-HHmm')) `
-ResourceGroupName $ResourceGroupName `
-TemplateFile $TemplateFile `
-TemplateParameterFile $TemplateParametersFile `
#OptionalParameters `
-Force -Verbose
WindowsVirtualMachine.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dnsNameForPublicIP": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Globally unique DNS Name for the Public IP used to access the Virtual Machine."
}
}
},
"variables": {
"OSDiskName": "<vhdNameWithoutExtension>",
"vhdStorageContainerName": "<containerName>",
"storageAccountName": "<StorageAccountName>",
"nicName": "myVMNic",
"addressPrefix": "10.0.0.0/16",
"subnetName": "Subnet",
"subnetPrefix": "10.0.0.0/24",
"vhdStorageType": "Standard_LRS",
"publicIPAddressName": "myPublicIP",
"publicIPAddressType": "Dynamic",
"vhdStorageName": "[concat('vhdstorage', uniqueString(resourceGroup().id))]",
"vmName": "MyWindowsVM",
"vmSize": "Standard_A2",
"virtualNetworkName": "MyVNET",
"vnetId": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', variables('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('vhdStorageName')]",
"apiVersion": "2015-06-15",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "StorageAccount"
},
"properties": {
"accountType": "[variables('vhdStorageType')]"
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "PublicIPAddress"
},
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsNameForPublicIP')]"
}
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "VirtualNetwork"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "NetworkInterface"
},
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Compute/virtualMachines",
"name": "[variables('vmName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "VirtualMachine"
},
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('vhdStorageName'))]",
"[concat('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[variables('vmSize')]"
},
"storageProfile": {
"osDisk": {
"name": "osdisk",
"osType": "Windows",
"vhd": {
"uri": "[concat('http://', variables('storageAccountName'), '.blob.core.windows.net/', variables('vhdStorageContainerName'), '/', variables('OSDiskName'), '.vhd')]"
},
"caching": "ReadWrite",
"createOption": "Attach"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
}
]
}
}
}
]
}
WindowsVirtualMachine.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dnsNameForPublicIP": {
"value": "<someUniqueNameForYourDnsName>"
}
}
}
Execute the powershell script
Open up a Powershell command and execute the ps1 script. You only have to pass the location where you want the vm to be created like: (you should already be logged in with Login-AzureRmAccount)
Before running change the parameters in both json files!
.\Deploy-AzureResourceGroup.ps1 "West Europe"
The logging should tell you that the VM is created successfully.
Today (Oct 2016) it still canĀ“t be done in the new portal.
But for completeness: You can do it in the old portal (https://manage.windowsazure.com):
Click New - Compute - Virtual Machine - From Gallery.
On the left either select MY IMAGES or MY DISKS and select the VHD you want to use.
Follow the instructions as usual.

Import a database using AzureRM Powershell

There is a document named Import a BACPAC file to create a new Azure SQL database using PowerShell that covers how to import a bacpac file into SQL server under ASM.
Is there a way to import a bacpac file into an Azure SQL Server using Azure Resource Management cmdlets.
Following on from #juvchan answer I have been trying to get the following to work.
$update = #{
"operationMode" = "Import"
"storageKey"= "Key"
"storageKeyType" = "Primary"
"administratorLogin"= "adminlogin"
"administratorLoginPassword"= "adminpassword"
"storageUri"= "https://example.blob.core.windows.net/sql/exampleIOSQL-2016-1-23-12-26.bacpac"
}
New-AzureRmResource -ResourceGroupName "resourcegroupname" `
-ResourceType "Microsoft.Sql/servers" `
-Name "sqldbsvr" `
-PropertyObject $update `
-ApiVersion 2015-08-01 `
-Force -Location "westeurope"
Unfortunately I can't get anything but this very helpful error message -
New-AzureRmResource : {"code":"","message":"An error occurred while processing this request.","target":null,"details":[],"innererror":[]}
At current time, the latest Microsoft Azure PowerShell - January 2016 (version 1.1)'s Azure RM module does not have any cmdlets which
can support Azure SQL database import like the Azure Service Management's cmdlet i.e. Start-AzureSqlDatabaseImport
However, there is a workaround which can achieve this in the Azure Resource Manager (ARM) context.
The workaround is to do a Azure Resource Group template deployment with a user-defined ARM template which include the database import resource type.
The proposed workaround consist of a sample PowerShell script, a sample ARM template json and a sample ARM Template parameters json as shown below:
The PowerShell sample code is as below:
Login-AzureRmAccount
$tenantId = "your_tenant_id"
$subscriptionId = "your_subscription_id"
$rgName = "your_rg_name"
$location = "your_location"
$templateFile = "YourARMTemplate.json"
$templateParamFile = "YourARMTemplate.Parameters.json"
Set-AzureRmContext -SubscriptionId $subscriptionId -TenantId $tenantId
New-AzureRmResourceGroup -Location $location -Name $rgName -Force
$deployment = New-AzureRmResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile $templateFile -TemplateParameterFile $templateParamFile -Mode Incremental -Force
The sample ARM template json for Azure SQL database import is as below:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"variables": {
"dbApiVersion": "2014-04-01-preview",
"resourceGroupLocation": "[resourceGroup().location]",
"dbServerNameTidy": "[toLower(trim(parameters('dbServerName')))]",
"masterDbNameTidy": "[toLower(trim(parameters('masterDbName')))]"
},
"parameters": {
"dbServerName": {
"type": "string"
},
"dbLogin": {
"type": "string"
},
"dbPassword": {
"type": "string"
},
"dbServerVersion": {
"type": "string",
"defaultValue": "12.0"
},
"dbCollation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS"
},
"dbEdition": {
"type": "string",
"defaultValue": "Standard"
},
"dbMaxSize": {
"type": "string",
"defaultValue": "10737418240"
},
"dbServiceObjectiveLevel": {
"type": "string",
"defaultValue": "455330E1-00CD-488B-B5FA-177C226F28B7"
},
"bacpacStorageKey": {
"type": "string"
},
"masterDbName": {
"type": "string"
},
"masterBacpacUrl": {
"type": "string"
},
},
"resources": [
{
"type": "Microsoft.Sql/servers",
"apiVersion": "[variables('dbApiVersion')]",
"properties": {
"administratorLogin": "[parameters('dbLogin')]",
"administratorLoginPassword": "[parameters('dbPassword')]",
"version": "[parameters('dbServerVersion')]"
},
"name": "[variables('dbServerNameTidy')]",
"location": "[variables('resourceGroupLocation')]",
"resources": [
{
"type": "firewallrules",
"apiVersion": "[variables('dbApiVersion')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"name": "AllowAllWindowsAzureIps",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', variables('dbServerNameTidy'))]"
]
},
{
"type": "databases",
"apiVersion": "[variables('dbApiVersion')]",
"properties": {
"edition": "[parameters('dbEdition')]",
"collation": "[parameters('dbCollation')]",
"maxSizeBytes": "[parameters('dbMaxSize')]",
"requestedServiceObjectiveId": "[parameters('dbServiceObjectiveLevel')]"
},
"name": "[variables('webDbNameTidy')]",
"location": "[variables('resourceGroupLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', variables('dbServerNameTidy'))]"
],
"resources": [
{
"type": "extensions",
"apiVersion": "[variables('dbApiVersion')]",
"properties": {
"operationMode": "Import",
"storageKey": "[parameters('bacpacStorageKey')]",
"storageKeyType": "Primary",
"administratorLogin": "[parameters('dbLogin')]",
"administratorLoginPassword": "[parameters('dbPassword')]",
"storageUri": "[parameters('masterBacpacUrl')]"
},
"name": "Import",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers/databases', variables('dbServerNameTidy'), variables('masterDbNameTidy'))]"
]
}
]
}
]
}
]
}
The sample ARM template parameters json for Azure SQL database import is as below:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dbServerName": {
"value": "<your DB Server Name>"
},
"dbLogin": {
"value": "<Your DB server login name>"
},
"dbPassword": {
"value": "<Your DB server login password>"
},
"bacpacStorageKey": {
"value": "<Your Azure Storage Account Primary key which stores the bacpac blob>"
},
"masterDbName": {
"value": "<your Azure Sql Db name>"
},
"masterBacpacUrl": {
"value": "<Your Azure storage account Bacpac blob file full Url>"
}
}
}
Hope this helps and clarifies.

Resources